Mastodon

43 posts32 participants3 posts today

kalvnL'IA invente parfois des noms de packages qui n'existent pas et essayent de les télécharger (vibe coding, tout ça). Alors des gens ont créé ces packages sous forme de malware. Évidemment.🔗 <a href="https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/</a><a href="https://mastodon.xyz/tags/intelligenceartificielle" class="mention hashtag" rel="tag">#intelligenceartificielle</a> <a href="https://mastodon.xyz/tags/malware" class="mention hashtag" rel="tag">#malware</a> <a href="https://mastodon.xyz/tags/package" class="mention hashtag" rel="tag">#package</a>

securityaffairsSECURITY AFFAIRS <a href="https://infosec.exchange/tags/MALWARE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MALWARE</a> <a href="https://infosec.exchange/tags/NEWSLETTER" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NEWSLETTER</a> ROUND 41 <a href="https://securityaffairs.com/176503/malware/security-affairs-malware-newsletter-round-41.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityaffairs.com/176503/malware/security-affairs-malware-newsletter-round-41.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a>

@990000@mstdn.socialHaha nice <a href="https://mstdn.social/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LLM</a> <a href="https://mstdn.social/tags/CyberPunk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberPunk</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://bsky.app/profile/thomasfuchs.at/post/3lmnqvt35bk2z" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://bsky.app/profile/thomasfuchs.at/post/3lmnqvt35bk2z</a>

Marc Ruef :verified:Ransomware Reaches A Record High, But Payouts Are Dwindling <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://www.tripwire.com/state-of-security/ransomware-reaches-record-high-payouts-are-dwindling" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.tripwire.com/state-of-security/ransomware-reaches-record-high-payouts-are-dwindling</a>

Tâi Siáu-káu 台痟狗ㄊㄇㄉ 🇳🇫 台灣國List of apps affected by <a href="https://mstdn.social/tags/BadBazaar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BadBazaar</a> and <a href="https://mstdn.social/tags/Moonshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Moonshine</a> <a href="https://mstdn.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> begins on p. 20 of this document. <a href="https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf</a>

Tâi Siáu-káu 台痟狗ㄊㄇㄉ 🇳🇫 台灣國<a href="https://tldr.nettime.org/@remixtures" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@remixtures</a> List of apps affected by <a href="https://mstdn.social/tags/BadBazaar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BadBazaar</a> and <a href="https://mstdn.social/tags/Moonshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Moonshine</a> <a href="https://mstdn.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> begins on p. 20 of this document. <a href="https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf</a>

Tarnkappe.info📬 Im Visier von Europol: Operation Endgame führt zu weiteren Verhaftungen <a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITSicherheit</a> <a href="https://social.tchncs.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.tchncs.de/tags/Botnetze" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnetze</a> <a href="https://social.tchncs.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybercrime</a> <a href="https://social.tchncs.de/tags/DropperMalware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DropperMalware</a> <a href="https://social.tchncs.de/tags/europol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#europol</a> <a href="https://social.tchncs.de/tags/OperationEndgame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OperationEndgame</a> <a href="https://social.tchncs.de/tags/RansomwareInfrastruktur" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RansomwareInfrastruktur</a> <a href="https://sc.tarnkappe.info/6f90b6" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sc.tarnkappe.info/6f90b6</a>

BillWell...shit. So much for captcha.<a href="https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/</a><a href="https://infosec.exchange/tags/genai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#genai</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a>

heise onlineGericht nennt Details zu Angriffen auf 1223 WhatsApp-User mit Pegasus-SpywareEin Gerichtsdokument verrät Standorte der Opfer, für die Angriffe genutzte Server und die Herkunft der Angriffe mit der Pegasus-Spyware auf eine WhatsApp-Lücke.<a href="https://www.heise.de/news/Gericht-nennt-Details-zu-Angriffen-auf-1223-WhatsApp-User-mit-Pegasus-Spyware-10348270.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/Gericht-nennt-Details-zu-Angriffen-auf-1223-WhatsApp-User-mit-Pegasus-Spyware-10348270.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</a><a href="https://social.heise.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://social.heise.de/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hacking</a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.heise.de/tags/Messaging" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Messaging</a> <a href="https://social.heise.de/tags/MetaPlatforms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MetaPlatforms</a> <a href="https://social.heise.de/tags/Netzpolitik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Netzpolitik</a> <a href="https://social.heise.de/tags/Pegasus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pegasus</a> <a href="https://social.heise.de/tags/Spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spyware</a> <a href="https://social.heise.de/tags/%C3%9Cberwachung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Überwachung</a> <a href="https://social.heise.de/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WhatsApp</a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

The New OilPolice detains <a href="https://mastodon.thenewoil.org/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Smokeloader</a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> customers, seizes servers<a href="https://www.bleepingcomputer.com/news/security/police-detains-smokeloader-malware-customers-seizes-servers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/police-detains-smokeloader-malware-customers-seizes-servers/</a><a href="https://mastodon.thenewoil.org/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

OTX BotNewly Registered Domains Distributing SpyNote MalwareDeceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware, mimicking the Google Chrome install page on the Google Play Store. The campaign utilizes a mix of English and Chinese-language delivery sites, with Chinese-language comments in the code. The malware is distributed through a two-stage installation process, using an APK dropper to deploy the core SpyNote RAT. SpyNote is a potent Android remote access trojan capable of extensive surveillance, data exfiltration, and remote control. It aggressively requests numerous intrusive permissions, allowing for theft of sensitive data and significant remote access capabilities. The malware's keylogging functionality and ability to manipulate calls, activate cameras and microphones, and remotely wipe data make it a formidable tool for espionage and cybercrime.Pulse ID: 67f80a4aa4c9d5d796071af6 Pulse Link: <a href="https://otx.alienvault.com/pulse/67f80a4aa4c9d5d796071af6" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67f80a4aa4c9d5d796071af6</a> Pulse Author: AlienVault Created: 2025-04-10 18:13:30Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/APK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APK</a> <a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/Chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chrome</a> <a href="https://social.raytec.co/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberCrime</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DoS</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/GooglePlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GooglePlay</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mimic</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RemoteAccessTrojan</a> <a href="https://social.raytec.co/tags/SpyNote" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpyNote</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Andrew 🌻 Brandt 🐇However, because this attack has been going on for two weeks, some endpoint protection tools (well, about a third of them) are catching on that this particular file is bad, and should feel bad.<a href="https://www.virustotal.com/gui/file/13d71b884a0625f3aa3805fb779d95513d0485671ab8c090a0c790ceda071e63" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/file/13d71b884a0625f3aa3805fb779d95513d0485671ab8c090a0c790ceda071e63</a>The most important lesson here is that attackers always come up with new ways to evade detection. Using a commercially available, normally legitimate remote access tool with a valid cryptographic signature lets the attacker bypass some kinds of endpoint detection.Remember to check the From: address in emails, and the destination of any links they point to. You can do this by hovering your mouse over the link without clicking, and waiting a second. If it says it's from the SSA, but it isn't pointing to SSA.gov, then it's a lie. If you find content like this useful, please follow me here, or on LinkedIn: <a href="https://www.linkedin.com/in/andrew-brandt-9603682/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.linkedin.com/in/andrew-brandt-9603682/</a>9/fin<a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a>

The New OilFake <a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://mastodon.thenewoil.org/tags/Office" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Office</a> add-in tools push <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> via <a href="https://mastodon.thenewoil.org/tags/SourceForge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SourceForge</a><a href="https://www.bleepingcomputer.com/news/security/fake-microsoft-office-add-in-tools-push-malware-via-sourceforge/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/fake-microsoft-office-add-in-tools-push-malware-via-sourceforge/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Andrew 🌻 Brandt 🐇When clicked, the button delivers malware, but it's an unexpected payload: A client installer for the commercial remote-access tool ConnectWise. Every time I clicked the download link, it gave me the same file with six different random digits appended to the filename. Note that it is not, as the website implies, a PDF document, but a Windows executable file, with a .exe extension.8/<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a>

Andrew 🌻 Brandt 🐇This is where I tell you: don't do this! I am a trained professional. I click all the bad links so you don't have to. I am going to show you what happens next.A button appears on this page, labeled "Access Your Statement." The site serving up this payload delivers a file named "Social Security Statement Documents [six digit random number].exe"7/<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a>

Andrew 🌻 Brandt 🐇Finally the target lands on a page on the InMotion site that closely resembles the look-and-feel of the content in the email message. The page tells the visitor, in part "Download your statement as a PDF file" and "For security reasons, we recommend accessing your statement through your secure device."Spoiler alert: It was not a PDF file.(Edit: A reader informs me that this appears to be the hosting space used by the temp agency website, and that for whatever reason, the URL appears differently here.) 6/<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a>

Andrew 🌻 Brandt 🐇The target's browser then lands on another website, hosted by a large hosting service, InMotion Hosting. As with the temp agency website, the attackers have set up multiple URLs on this site, where the first URL performs a 302 redirect to go to the second URL, for no apparent reason other than to create the URL equivalent of a Rube Goldberg contraption.5/<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a>

Andrew 🌻 Brandt 🐇That link then immediately 302 redirects the target's browser to a link on a second website, one that belongs to a temp agency based in the US state of Maryland. The attackers have created two URLs on this company's site for this purpose. The first one redirects to the second one. Again, the site appears to have been compromised and used specifically for the purpose of obfuscating the redirection chain.4/<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a>

Andrew 🌻 Brandt 🐇The first 302 redirect points to a page on a website belonging to a small business that has, apparently, been compromised and abused for this purpose. 3/<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a>

Andrew 🌻 Brandt 🐇In this attack, the spammers have been sending emails that look like this official-appearing notification from the Social Security Administration. The message says "Your Social Security Statement is ready to review" and includes a button at the bottom labeled "Download Statement." The button links to a shortened URL that uses the link-shortening service t.ly to lead the target to a chain of 302 redirects. Malware spammers often do this to fool web reputation services and obfuscate the final destination of the link.2/<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malspam</a> <a href="https://infosec.exchange/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#attacks</a> <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a>

Recent searches

Search options

Administered by:

Server stats:

#malware